Running tcpdump on Check Point Firewalls via SSH
This document covers how to properly run tcpdump on a Check Point firewall over an SSH session. tcpdump
is a command-line tool that captures raw network packets and is very useful for many kinds of network
troubleshooting.
It is important to write tcpdump captures to the /var/log/ directory; otherwise the capture file is
created in the current working directory, which by default is on the root partition. Filling the root
partition will cause various firewall issues.
Below is an example of a tcpdump command that saves its capture file in the /var/log directory:
tcpdump -nni any '(host 10.7.1.2)' -w /var/log/filename.pcap
tcpdump – the capture command
-nn – do not resolve hostnames or port numbers (-n given twice)
-i any – capture on all interfaces (combined with -nn above as -nni any)
'(host 10.7.1.2)' – capture filter: only packets to or from this host IP
-w – write the raw packets to a file instead of printing them on the terminal
/var/log/filename.pcap – directory and filename of the capture file
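The following shell wrapper is an added example and is not part of the original document or of any Check Point tooling. It builds the same kind of command (-nn, -i any, host filter, output under /var/log) but also checks the free space on the capture directory first and uses tcpdump's -C/-W file rotation so a long-running capture cannot fill the partition; the directory, size limits and validation rules are assumptions.

```shell
#!/bin/sh
# Added example: bounded tcpdump capture for a Check Point gateway.
# Captures are written under /var/log, as the document recommends, and
# rotated with -C (file size in MB) / -W (number of files) so the capture
# can never grow past SIZE_MB * FILES megabytes. Assumed defaults: 100 MB x 5.

CAPTURE_DIR=/var/log

# build_capture_cmd HOST_IP NAME [SIZE_MB] [FILES]
# Prints the tcpdump command line without running it. NAME is restricted to
# a plain filename so the output cannot escape CAPTURE_DIR.
build_capture_cmd() {
    host_ip=$1; name=$2; size_mb=${3:-100}; files=${4:-5}
    case $name in
        ""|*[!A-Za-z0-9._-]*)
            echo "bad capture name: '$name'" >&2; return 1 ;;
    esac
    # Options first, capture filter last; tcpdump numbers rotated files
    # (NAME.pcap0, NAME.pcap1, ...) and wraps after FILES files.
    printf 'tcpdump -nn -i any -C %s -W %s -w %s/%s.pcap host %s\n' \
        "$size_mb" "$files" "$CAPTURE_DIR" "$name" "$host_ip"
}

# free_mb DIR: megabytes available on the filesystem holding DIR (POSIX df -P -k)
free_mb() {
    df -P -k "$1" | awk 'NR == 2 { printf "%d\n", $4 / 1024 }'
}

# enough_space NEED_MB DIR: succeeds only if DIR has at least NEED_MB free
enough_space() {
    avail=$(free_mb "$2") || return 1
    [ "$avail" -ge "$1" ]
}

# run_capture HOST_IP NAME [SIZE_MB] [FILES]: refuse to start when the rotated
# capture could not fit in CAPTURE_DIR, otherwise run tcpdump in the foreground.
run_capture() {
    need=$(( ${3:-100} * ${4:-5} ))
    if ! enough_space "$need" "$CAPTURE_DIR"; then
        echo "need ${need} MB free in $CAPTURE_DIR, have $(free_mb "$CAPTURE_DIR") MB" >&2
        return 1
    fi
    cmd=$(build_capture_cmd "$@") || return 1
    echo "running: $cmd"
    $cmd    # unquoted on purpose: every argument was validated to contain no spaces
}
```

Run it in expert mode as, for example, `run_capture 10.7.1.2 filename 50 4` to keep at most 200 MB of rotated capture files under /var/log.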